Lead DevSecOps Engineer

Own and enforce DevSecOps practices across CI/CD pipelines (SAST, DAST, SCA, and other practices)

Integrate automated security tooling into development workflows; reduce manual security gates

Partner with development teams to perform secure code reviews and threat modeling

Drive vulnerability identification, triage, and remediation across infrastructure and applications

Manage security tooling stack

Produce and maintain a risk register; track remediation SLAs

Lead or coordinate internal/external penetration testing cycles

Manage crowd testing campaigns

Develop and maintain an incident response playbook; support incident investigations

Support compliance with SOC 2, ISO 27001, GDPR, and relevant data protection frameworks

Define and enforce security policies, standards, and developer security training

Act as the primary security SME for the engineering organization

Mentor developers on secure coding practices; build a security-first engineering culture

Interface with external auditors, clients, and the executive team on security posture

5+ years of experience in DevSecOps, application security, or security engineering

Demonstrated experience managing security in software development environments (not just ops/infrastructure)

Strong development background, proficiency in at least 1 language (eg: Python, Go, Java, C#)

Hands on experience with CI/CD security tooling (SAST/DAST/SCA integration, secrets management)

Experience with cloud security (AWS, Azure, or GCP) and container security (Docker, Kubernetes)

Familiarity with SOC 2 or ISO 27001 compliance frameworks

Excellent English communication skills (written and verbal)

Penetration testing experience or relevant certification (OSCP, CEH, GPEN)

Security certifications (CISSP, CSSLP, AWS Security Specialty, or similar)

Experience at a B2B SaaS or cybersecurity product company

Familiarity with insider threat, DLP, or endpoint security product domains